 |
Post AsxIp0rPyhZS2bOaNE by [email protected] |
 |
More posts by [email protected] |
|
Post #Asx2BdOjgAcyiFBGNM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Marvellous. |
|
|
|
Post #Asx3hO5EFo0UR5lGW8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog IIS is still a thing? |
|
|
|
Post #Asx5OUP2jXY8RT9636 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog That seems like a huge error, given that C:\inetpub is the default… |
|
|
|
Post #Asx5nYI1Q5IDjhoQr2 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog okay but i now have an inetpub directory on a bunch of windows sys… |
|
|
|
Post #Asx5wG5cSMELtcA9Ue by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog nice. I wonder how bad Windows 11 responds if autoexec.bat and con… |
|
|
|
Post #Asx6SQsprQOmdgWc2i by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog lolol I was wondering how badly that inetpub thing would break thi… |
|
|
|
Post #Asx6XSVvE5SH8yCie0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Very good, but what appalls me is "We noticed you regularly u… |
|
|
|
Post #Asx76k0iAMYpXmQglc by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog Who could have guessed that we'd all be the next contestants o… |
|
|
|
Post #Asx7gTgSLV4DKfznqy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Oh, is that why my Windows server 2019 system keeps failing to ins… |
|
|
|
Post #Asx7ssyo7bflGHUoim by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog I have 'intpub' but do not have IIS running. I've no i… |
|
|
|
Post #Asx87WpIllaQtk22y0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog At last an easy way to get rid of these fuckin updates! š¤Ŗ |
|
|
|
Post #Asx8AezGssph4qBkRM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @wdormann IāllEither be seeing this in ten days or theyāll pul… |
|
|
|
Post #Asx8SR4LN1gB7h2MLI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDogCan you do anything other than prevent installation? Maybe a hard … |
|
|
|
Post #Asx8VEEFZBOgAW0DIm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog that is crazy. I'd say someone at MS is probably kicking them… |
|
|
|
Post #Asx9FlA5SHHdd3F7qq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Great job Microsoft, due to their incompetence, now everyone knows… |
|
|
|
Post #Asx9PMEF0h93CElLQu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Noice wunš |
|
|
|
Post #AsxAGXBP0stUWBn8FM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Vulnerability? Or opportunity? š š |
|
|
|
Post #AsxAz5s7OyC8qV1FI0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Stoked to learn there's an easier way to prevent it from updat… |
|
|
|
Post #AsxChT7OQw2xdft4DI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog still with inetpub since like forever |
|
|
|
Post #AsxD2KRzr3o0q0THLE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Windows allows non-admin users to create any folder they want in C… |
|
|
|
Post #AsxEBRAOM0TSEB8yWW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @distrowatch You can't, if the system is properly configured. … |
|
|
|
Post #AsxIp0rPyhZS2bOaNE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog looks like the linked post has been edited to say they were wrong? |
|
|
|
Post #AsxMDzSYcjBanXMwDo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Specifically, I've seen all April updates install even when C:… |
|
|
|
Post #AsxMefSl4y7mb8BSAS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] something something Junction Points something so… |
|
|
|
Post #AsxN2JTUTxmXLvnjqC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog That is a special kind of insecure. |
|
|
|
Post #AsxN3CI2gEIvMLrs8G by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@wdormann @GossiTheDog If it's not C:\inetpub, could it be related to the u… |
|
|
|
Post #AsxRD4RP7JaBjFD6Po by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Ah, that'd do it!But at the same time, creating files in the r… |
|
|
|
Post #AsxRnr4DntMwxsuISm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog You can?Non-admin users don't have SeCreateSymbolicLinkPrivile… |
|
|
|
Post #AsxTLBxBGkwxFm4ddo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog Could you use a junction instead? |
|
|
|
Post #AsxTpfzKALfZ5jc2Nc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Just to be clear, while mklink /h can itself be used by a non-admi… |
|
|
|
Post #AsxWMCQ7Jr32qwmSOW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Ah, you'd think that you couldn't.But indeed you can!That … |
|
|
|
Post #AsxgTvrlkX9jN02aJ6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog could sysmon pick it up? |
|
|
|
Post #Asxgdvq6hiDgBO20nI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@qdkp @GossiTheDog Interestingly, a C:\inetpub junction is left as-is after the… |
|
|
|
Post #Asxgu5cc6KnT9hQNsG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog Does it also break if you create a folder and set everyo… |
|
|
|
Post #Asxgu5izibtvTUPTou by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@FritzAdalis @GossiTheDog No, this doesn't break anything.Maybe TrustedInst… |
|
|
|
Post #Asxgw2SAqtLHuMTFtw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @briankrebs maybe mention this on your linkedin post, as it seems … |
|
|
|
Post #AsxgyuKtUNHdbKQxGa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog What in the actual fuck? |
|
|
|
Post #AsxhQBcPLD3V1KdJpo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog I mean, Microsoft explicitly states that you CANNOT create a junct… |
|
|
|
Post #AsxhgnEFH5jgIfFZAm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog Encountered the same error. I used sysinternals junction… |
|
|
|
Post #AsxhnEfKB7TX8BzKHA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@wdormann @GossiTheDog Thanks for checking! They probably check the acl, or ma… |
|
|
|
Post #AsxiVgjtA8h2wRJt1E by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog here's my analysis, which was *meant* to be a reply: https://l… |
|
|
|
Post #AsxjRiIfW6mwZwFx7Q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog i guess they can fix it with a servicing stack update |
|
|
|
Post #AsyG5PqajyPLSs6BxQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @wdormann They updated the FAQ for CVE-2025-21204 saying that it&#… |
|
|
|
Post #AsytXSJx2A2tSOC1ZY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @Busta Hilarious.The two things that MSRC seems to aim to to achie… |
|
|
|
Post #AsyuQmWHdVxM1uLIzw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog @Busta Yeah, this is a juicy new discovery. |
|
|
|
Post #AtC0IPorHFuW5Zu6L2 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Can confirm running this command as a non-admin user breaks April 2025 Windows … |
|
|
|
Post #AtC0QxOGLRYMWZXLSy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Bonus points, if you run it from cmd.exe, itās not logged in EDR products or … |
|
|
|
Post #AtC0aWpNxUbD2PmsZU by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog I really need to move to Linux permanently š¤¦āāļø |
|
|
|
Post #AtC1Rmy4gFXYRZFRY0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog Does mklink create NTFS USN journal entries? It must, right? |
|
|
|
Post #AtC49taNdWkdcPKCBs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog I am curios if this works on company provisioned laptops.... |
|
|
|
Post #AtC6zrR34poluornKi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog Yup (I tested with mklink /j c:\inetpub "%USERPROFILE%\ntuser… |
|
|
|
Post #AtC7LS6RwTx1igWkcq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cblte @GossiTheDog Probably does, unless your admin specifically locked down C… |
|
|
|
Post #AtC8HpEO6veCFJ4gwS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog I used to care. Now, it's way past fuck Bill Gates and all Mic… |
|
|
|
Post #AtC8N7ULepJ2Jn44MC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog I couldn't wait for the first ridiculous exploit as soon as I … |
|
|
|
Post #AtC9Id9kadgV2YqyKu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
I just realised my original thread on this auto deleted after a week, but itā… |
|
|
|
Post #AtC9uRs6zfvv2vdUuW by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog I didnāt realize this part. It wonāt show up in MDE logs? |
|
|
|
Post #AtC9wtJzuIxcl8qOq8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog oh my fucking godsii don't okay just gonna keyboard smash some… |
|
|
|
Post #AtCAypcUjz61oPz90q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog ā¹ļø |
|
|
|
Post #AtCPBWhPnUBAFnEZyi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDogIām a Linux person - am I reading correctly that this (in essence… |
|
|
|
Post #AtCPEEoIlRVhdnkS2K by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@simonzerafa @GossiTheDog templeos is much better for Security #than any other … |
|
|
|
Post #AtCPokAtd5DdLCiwwC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog oh, how delicious š |
|
|
|
Post #AtDDnnVyilu17PKM9g by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog š |
|
|
|
Post #AtE14vFg6Tizn8UxYe by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@jernej__s @GossiTheDog No, they didn't.... |
